# Exploit Title: iOS 8 devices may auto-associate with untrusted access points with a downgraded security type
# Date: 06-30-2015
# Exploit Author: BrianWGray
# Contact: https://twitter.com/BrianWGray
# WebPage: https://CTRLu.net/
# Vendor Homepage: https://www.apple.com/
# Vendor Advisory: https://support.apple.com/en-us/HT204941
# Software Link: https://support.apple.com/downloads/ios
# Version: iOS 8.0 - 8.4
# Recommended to update to Version 8.4 or above
# Tested on: iOS 8 Beta 5 (12A4345d)
# CVE : CVE-2015-3728
# APPLE : APPLE-SA-2015-06-30-1
The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.
An insufficient comparison issue existed in WiFi
manager's evaluation of known access point advertisements. This issue
was addressed through improved matching of security parameters.
Note: Impact is to WPA/WPA2, Enterprise authentication does not appear to be affected.